/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package Model;

import Controller.LogManager;
import Controller.ProductManager;
import java.io.IOException;
import java.util.logging.Level;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 *
 * @author pauld
 */
@WebServlet(name = "comment", urlPatterns = {"/comment"})
public class comment extends HttpServlet {
    private static String comment = null,
            product = null;
    
    protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        
        response.setContentType("text/html;charset=UTF-8");
        
        if( ProductManager.commentProduct(product, comment, request.getSession()) ){
            LogManager.logEvent("Comment." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.INFO, "Comment Successful: " + product, request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            response.sendRedirect("viewProduct.jsp?id=" + product);
        }
        else{
            LogManager.logEvent("Comment." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.WARNING, "Comment Unsuccessful: " + product, request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            response.sendRedirect("viewProduct.jsp?id=" + product);
        }
    }
    
    //method for checking the user inputs
    //returns boolean 
    //true if user inputs are valid and fals otherwise
    private static boolean checkInput(HttpServletRequest request){
        //get the form values and store them on the variables
        comment = request.getParameter("comment-body");
        
        //check the comment field for any xss attacks
        String regexXSS = "[<(.*?)>]"; //blacklist
        Pattern pXSS = Pattern.compile(regexXSS, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE);
        Matcher mComment = pXSS.matcher(comment);
        boolean resultComment = mComment.find();
        
        //check the length and validity of the
        //comment field
        if( (comment.length() > 0 && comment.length() <= 254 ) && 
                !resultComment ){
            
            return true;
        }
        else{
            LogManager.logEvent("Comment." + Thread.currentThread().getStackTrace()[1].getMethodName(), Level.WARNING, "Comment Unsuccessful - Invalid Input: " + request.getParameter(product), request.getRemoteAddr(), String.valueOf(request.getSession().getAttribute("name")));
            return false;
        }
    }
    
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        
        product = request.getParameter("product");
                
        if( checkInput(request) )
            processRequest(request, response);
        else
            response.sendRedirect("viewProduct.jsp?id=" + product);
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        product = request.getParameter("product");
                
        if( checkInput(request) )
            processRequest(request, response);
        else
            response.sendRedirect("viewProduct.jsp?id=" + product);
    }

    @Override
    public String getServletInfo() {
        return "Short description";
    }
    
}
